Security Basics mailing list archives
Re: MS PEAP vs. EAP-TTLS
From: yonesy <yonesy () gmail com>
Date: Wed, 2 Feb 2005 12:00:46 -0500
This is from a nice article from NWC back in 2003 which is applicable today. I currently use PEAP-TLS (it works perfectly). "PEAP works in two steps. After the initial handshake between the client and access point, a TLS (Transport Layer Security) channel is created between the client and authentication server. All messages get encrypted, and the RADIUS server then authenticates the client using an EAP method--EAP-TLS or EAP-MS-CHAP (Challenge Handshake Authentication Protocol) v2. With TTLS (Tunneled Transport Layer Security), a TLS tunnel is established and the client authentication parameters get exchanged. TLS has existed longer than TTLS, but its usage has waned because it requires extra certificates on each client. TTLS and PEAP are similar in concept, but there are important differences: TTLS supports other EAP authentication methods and also PAP, CHAP, MS-CHAP and MS-CHAPv2, whereas PEAP can tunnel only EAP-type protocols such as EAP-TLS, EAP-MS-CHAPv2 and EAP-SIM. TTLS requires installation of client software, whereas PEAP comes ready to run in XP Service Pack 1 on the client device, for instance. TTLS is widely available and implemented, while PEAP is still new. But given PEAP's backing from Cisco, Microsoft and RSA, it's likely to emerge as the de facto authentication mechanism for 802.1x." http://www.nwc.com/1409/1409ws13.html Good Luck! On Mon, 31 Jan 2005 11:09:13 -0800 (PST), Dave Lewis <infosecdave () yahoo com> wrote:
Hi All, Does anyone have any opinions about the merits of Funk's EAP-TTLS vs. MS's PEAP implimentation for WLAN? Any suggestions or links to resources, etc. are appreciated. Thanks in advance, Dave __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
-- Yonesy F. Nuñez, ISSAP, ISSMP, CISSP, MCSE, Security+ Failed to plan?... Then plan to fail!!!
Current thread:
- Re: MS PEAP vs. EAP-TTLS yonesy (Feb 02)